| [ Index ] |
|
Code source de Horde 3.1.3 |
1 <?php 2 3 require_once 'Horde/DataTree.php'; 4 5 /** 6 * The Perms_datatree:: class provides a DataTree driver for the Horde 7 * permissions system. 8 * 9 * $Horde: framework/Perms/Perms/datatree.php,v 1.6.2.12 2006/07/20 18:50:05 chuck Exp $ 10 * 11 * Copyright 2001-2006 Chuck Hagenbuch <chuck@horde.org> 12 * Copyright 2004-2006 Jan Schneider <jan@horde.org> 13 * 14 * See the enclosed file COPYING for license information (LGPL). If you 15 * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html. 16 * 17 * @author Chuck Hagenbuch <chuck@horde.org> 18 * @author Jan Schneider <jan@horde.org> 19 * @since Horde 3.0 20 * @package Horde_Perms 21 */ 22 class Perms_datatree extends Perms { 23 24 /** 25 * Pointer to a DataTree instance to manage the different 26 * permissions. 27 * 28 * @var DataTree 29 */ 30 var $_datatree; 31 32 /** 33 * Constructor. 34 */ 35 function Perms_datatree() 36 { 37 global $conf; 38 39 if (empty($conf['datatree']['driver'])) { 40 Horde::fatal('You must configure a DataTree backend to use the Perms DataTree driver.', __FILE__, __LINE__); 41 } 42 43 $driver = $conf['datatree']['driver']; 44 $this->_datatree = &DataTree::singleton($driver, 45 array_merge(Horde::getDriverConfig('datatree', $driver), 46 array('group' => 'horde.perms'))); 47 } 48 49 /** 50 * Returns the available permissions for a given level. 51 * 52 * @param string $name The permission's name. 53 * 54 * @return array An array of available permissions and their titles. 55 */ 56 function getAvailable($name) 57 { 58 if ($name == DATATREE_ROOT) { 59 $name = ''; 60 } 61 return parent::getAvailable($name); 62 } 63 64 /** 65 * Given a permission name, returns the title for that permission by 66 * looking it up in the applications's permission api. 67 * 68 * @param string $name The permissions's name. 69 * 70 * @return string The title for the permission. 71 */ 72 function getTitle($name) 73 { 74 if ($name == DATATREE_ROOT) { 75 return _("All Permissions"); 76 } 77 return parent::getTitle($name); 78 } 79 80 /** 81 * Returns a new permissions object. 82 * 83 * @param string $name The permission's name. 84 * 85 * @return DataTreeObject_Permissions A new permissions object. 86 */ 87 function &newPermission($name) 88 { 89 if (empty($name)) { 90 return PEAR::raiseError('Permission names must be non-empty'); 91 } 92 93 $type = 'matrix'; 94 $params = null; 95 if ($pos = strpos($name, ':')) { 96 $info = $this->getApplicationPermissions(substr($name, 0, $pos)); 97 if (!is_a($info, 'PEAR_Error')) { 98 if (isset($info['type']) && isset($info['type'][$name])) { 99 $type = $info['type'][$name]; 100 } 101 if (isset($info['params']) && isset($info['params'][$name])) { 102 $params = $info['params'][$name]; 103 } 104 } 105 } 106 $perm = &new DataTreeObject_Permission($name, $type, $params); 107 $perm->setDataTree($this->_datatree); 108 109 return $perm; 110 } 111 112 /** 113 * Returns a DataTreeObject_Permission object corresponding to the 114 * named permission, with the users and other data retrieved 115 * appropriately. 116 * 117 * @param string $name The name of the permission to retrieve. 118 */ 119 function &getPermission($name) 120 { 121 /* Cache of previously retrieved permissions. */ 122 static $permsCache = array(); 123 124 if (isset($permsCache[$name])) { 125 return $permsCache[$name]; 126 } 127 128 $permsCache[$name] = $this->_datatree->getObject($name, 'DataTreeObject_Permission'); 129 return $permsCache[$name]; 130 } 131 132 /** 133 * Returns a DataTreeObject_Permission object corresponding to the given 134 * unique ID, with the users and other data retrieved appropriately. 135 * 136 * @param integer $cid The unique ID of the permission to retrieve. 137 */ 138 function &getPermissionById($cid) 139 { 140 if ($cid == DATATREE_ROOT) { 141 $object = &$this->newPermission(DATATREE_ROOT); 142 } else { 143 $object = &$this->_datatree->getObjectById($cid, 'DataTreeObject_Permission'); 144 } 145 return $object; 146 } 147 148 /** 149 * Adds a permission to the permissions system. The permission must first 150 * be created with Perm::newPermission(), and have any initial users 151 * added to it, before this function is called. 152 * 153 * @param DataTreeObject_Permission $perm The new perm object. 154 */ 155 function addPermission(&$perm) 156 { 157 if (!is_a($perm, 'DataTreeObject_Permission')) { 158 return PEAR::raiseError('Permissions must be DataTreeObject_Permission objects or extend that class.'); 159 } 160 161 return $this->_datatree->add($perm); 162 } 163 164 /** 165 * Removes a permission from the permissions system permanently. 166 * 167 * @param DataTreeObject_Permission $perm The permission to remove. 168 * @param boolean $force Force to remove every child. 169 */ 170 function removePermission(&$perm, $force = false) 171 { 172 if (!is_a($perm, 'DataTreeObject_Permission')) { 173 return PEAR::raiseError('Permissions must be DataTreeObject_Permission objects or extend that class.'); 174 } 175 176 return $this->_datatree->remove($perm->getName(), $force); 177 } 178 179 /** 180 * Finds out what rights the given user has to this object. 181 * 182 * @param mixed $permission The full permission name of the object to 183 * check the permissions of, or the 184 * DataTreeObject_Permission object. 185 * @param string $user The user to check for. Defaults to the current 186 * user. 187 * @param string $creator The user who created the object. 188 * 189 * @return mixed A bitmask of permissions, a permission value, or an array 190 * of permission values the user has, depending on the 191 * permission type and whether the permission value is 192 * ambiguous. False if there is no such permsission. 193 */ 194 function getPermissions($permission, $user = null, $creator = null) 195 { 196 if (!is_a($permission, 'DataTreeObject_Permission')) { 197 $permission = &$this->getPermission($permission); 198 if (is_a($permission, 'PEAR_Error')) { 199 Horde::logMessage($permission, __FILE__, __LINE__, PEAR_LOG_DEBUG); 200 return false; 201 } 202 } 203 204 if ($user === null) { 205 $user = Auth::getAuth(); 206 } 207 208 // If this is a guest user, only check guest permissions. 209 if (empty($user)) { 210 return $permission->getGuestPermissions(); 211 } 212 213 // If $creator was specified, check creator permissions. 214 if ($creator !== null) { 215 // If the user is the creator of the event see if there 216 // are creator permissions. 217 if (strlen($user) && $user === $creator && 218 ($perms = $permission->getCreatorPermissions()) !== null) { 219 return $perms; 220 } 221 } 222 223 // Check user-level permissions. 224 $userperms = $permission->getUserPermissions(); 225 if (isset($userperms[$user])) { 226 return $userperms[$user]; 227 } 228 229 // If no user permissions are found, try group permissions. 230 if (isset($permission->data['groups']) && 231 is_array($permission->data['groups']) && 232 count($permission->data['groups'])) { 233 require_once 'Horde/Group.php'; 234 $groups = &Group::singleton(); 235 236 $composite_perm = null; 237 $type = $permission->get('type'); 238 foreach ($permission->data['groups'] as $group => $perm) { 239 if ($groups->userIsInGroup($user, $group)) { 240 if ($composite_perm === null) { 241 $composite_perm = $type == 'matrix' ? 0 : array(); 242 } 243 if ($type == 'matrix') { 244 $composite_perm |= $perm; 245 } else { 246 $composite_perm[] = $perm; 247 } 248 } 249 } 250 251 if ($composite_perm !== null) { 252 return $composite_perm; 253 } 254 } 255 256 // If there are default permissions, return them. 257 if (($perms = $permission->getDefaultPermissions()) !== null) { 258 return $perms; 259 } 260 261 // Otherwise, deny all permissions to the object. 262 return false; 263 } 264 265 /** 266 * Returns the unique identifier of this permission. 267 * 268 * @param DataTreeObject_Permission $permission The permission object to 269 * get the ID of. 270 * 271 * @return integer The unique id. 272 */ 273 function getPermissionId($permission) 274 { 275 return $this->_datatree->getId($permission->getName()); 276 } 277 278 /** 279 * Finds out if the user has the specified rights to the given object. 280 * 281 * @param string $permission The permission to check. 282 * @param string $user The user to check for. 283 * @param integer $perm The permission level that needs to be checked 284 * for. 285 * @param string $creator The creator of the event 286 * 287 * @return boolean True if the user has the specified permissions. 288 */ 289 function hasPermission($permission, $user, $perm, $creator = null) 290 { 291 return ($this->getPermissions($permission, $user, $creator) & $perm); 292 } 293 294 /** 295 * Checks if a permission exists in the system. 296 * 297 * @param string $permission The permission to check. 298 * 299 * @return boolean True if the permission exists. 300 */ 301 function exists($permission) 302 { 303 return $this->_datatree->exists($permission); 304 } 305 306 /** 307 * Returns a list of parent permissions. 308 * 309 * @param string $child The name of the child to retrieve parents for. 310 * 311 * @return array A hash with all parents in a tree format. 312 */ 313 function getParents($child) 314 { 315 return $this->_datatree->getParents($child); 316 } 317 318 /** 319 * Returns all permissions of the system in a tree format. 320 * 321 * @return array A hash with all permissions in a tree format. 322 */ 323 function &getTree() 324 { 325 $tree = $this->_datatree->get(DATATREE_FORMAT_FLAT, DATATREE_ROOT, true); 326 return $tree; 327 } 328 329 } 330 331 /** 332 * Extension of the DataTreeObject class for storing Permission information in 333 * the DataTree driver. If you want to store specialized Permission 334 * information, you should extend this class instead of extending 335 * DataTreeObject directly. 336 * 337 * @author Chuck Hagenbuch <chuck@horde.org> 338 * @author Jan Schneider <jan@horde.org> 339 * @since Horde 2.1 340 * @package Horde_Perms 341 */ 342 class DataTreeObject_Permission extends DataTreeObject { 343 344 /** 345 * The DataTreeObject_Permission constructor. Just makes sure to call the 346 * parent constructor so that the perm's name is set properly. 347 * 348 * @param string $name The name of the perm. 349 * @param string $type The permission type. 350 * @param array $params A hash with any parameters that the permission 351 * type needs. 352 */ 353 function DataTreeObject_Permission($name, $type = 'matrix', $params = null) 354 { 355 parent::DataTreeObject($name); 356 $this->data['type'] = $type; 357 if (is_array($params)) { 358 $this->data['params'] = $params; 359 } 360 } 361 362 /** 363 * Gets one of the attributes of the object, or null if it isn't defined. 364 * 365 * @param string $attribute The attribute to get. 366 * 367 * @return mixed The value of the attribute, or null. 368 */ 369 function get($attribute) 370 { 371 $value = parent::get($attribute); 372 if ($value === null && $attribute == 'type') { 373 $value = 'matrix'; 374 } 375 return $value; 376 } 377 378 /** 379 * Updates the permissions based on data passed in the array. 380 * 381 * @param array $perms An array containing the permissions which are to be 382 * updated. 383 */ 384 function updatePermissions($perms) 385 { 386 $type = $this->get('type'); 387 388 if ($type == 'matrix') { 389 /* Array of permission types to iterate through. */ 390 $perm_types = Perms::getPermsArray(); 391 } 392 393 foreach ($perms as $perm_class => $perm_values) { 394 switch ($perm_class) { 395 case 'default': 396 case 'guest': 397 case 'creator': 398 if ($type == 'matrix') { 399 foreach ($perm_types as $val => $label) { 400 if (!empty($perm_values[$val])) { 401 $this->setPerm($perm_class, $val, false); 402 } else { 403 $this->unsetPerm($perm_class, $val, false); 404 } 405 } 406 } elseif (!empty($perm_values)) { 407 $this->setPerm($perm_class, $perm_values, false); 408 } else { 409 $this->unsetPerm($perm_class, null, false); 410 } 411 break; 412 413 case 'u': 414 case 'g': 415 $permId = array('class' => $perm_class == 'u' ? 'users' : 'groups'); 416 /* Figure out what names that are stored in this permission 417 * class have not been submitted for an update, ie. have been 418 * removed entirely. */ 419 $current_names = isset($this->data[$permId['class']]) 420 ? array_keys($this->data[$permId['class']]) 421 : array(); 422 $updated_names = array_keys($perm_values); 423 $removed_names = array_diff($current_names, $updated_names); 424 425 /* Remove any names that have been completely unset. */ 426 foreach ($removed_names as $name) { 427 unset($this->data[$permId['class']][$name]); 428 } 429 430 /* If nothing to actually update finish with this case. */ 431 if ($perm_values === null) { 432 continue; 433 } 434 435 /* Loop through the names and update permissions for each. */ 436 foreach ($perm_values as $name => $name_values) { 437 $permId['name'] = $name; 438 439 if ($type == 'matrix') { 440 foreach ($perm_types as $val => $label) { 441 if (!empty($name_values[$val])) { 442 $this->setPerm($permId, $val, false); 443 } else { 444 $this->unsetPerm($permId, $val, false); 445 } 446 } 447 } elseif (!empty($name_values)) { 448 $this->setPerm($permId, $name_values, false); 449 } else { 450 $this->unsetPerm($permId, null, false); 451 } 452 } 453 454 break; 455 } 456 } 457 } 458 459 /** 460 * FIXME: needs docs 461 */ 462 function setPerm($permId, $permission, $update = true) 463 { 464 if (is_array($permId)) { 465 if (empty($permId['name'])) { 466 return; 467 } 468 if ($this->get('type') == 'matrix' && 469 isset($this->data[$permId['class']][$permId['name']])) { 470 $this->data[$permId['class']][$permId['name']] |= $permission; 471 } else { 472 $this->data[$permId['class']][$permId['name']] = $permission; 473 } 474 } else { 475 if ($this->get('type') == 'matrix' && 476 isset($this->data[$permId])) { 477 $this->data[$permId] |= $permission; 478 } else { 479 $this->data[$permId] = $permission; 480 } 481 } 482 483 if ($update) { 484 $this->save(); 485 } 486 } 487 488 /** 489 * FIXME: needs docs 490 */ 491 function unsetPerm($permId, $permission, $update = true) 492 { 493 if (is_array($permId)) { 494 if (empty($permId['name'])) { 495 return; 496 } 497 if ($this->get('type') == 'matrix') { 498 if (isset($this->data[$permId['class']][$permId['name']])) { 499 $this->data[$permId['class']][$permId['name']] &= ~$permission; 500 if (empty($this->data[$permId['class']][$permId['name']])) { 501 unset($this->data[$permId['class']][$permId['name']]); 502 } 503 if ($update) { 504 $this->save(); 505 } 506 } 507 } else { 508 unset($this->data[$permId['class']][$permId['name']]); 509 if ($update) { 510 $this->save(); 511 } 512 } 513 } else { 514 if ($this->get('type') == 'matrix') { 515 if (isset($this->data[$permId])) { 516 $this->data[$permId] &= ~$permission; 517 if ($update) { 518 $this->save(); 519 } 520 } 521 } else { 522 unset($this->data[$permId]); 523 if ($update) { 524 $this->save(); 525 } 526 } 527 } 528 } 529 530 /** 531 * Grants a user additional permissions to this object. 532 * 533 * @param string $user The user to grant additional permissions 534 * to. 535 * @param constant $permission The permission (PERMS_DELETE, etc.) to add. 536 * @param boolean $update Whether to automatically update the 537 * backend. 538 */ 539 function addUserPermission($user, $permission, $update = true) 540 { 541 if (empty($user)) { 542 return; 543 } 544 if ($this->get('type') == 'matrix' && 545 isset($this->data['users'][$user])) { 546 $this->data['users'][$user] |= $permission; 547 } else { 548 $this->data['users'][$user] = $permission; 549 } 550 551 if ($update) { 552 $this->save(); 553 } 554 } 555 556 /** 557 * Grants guests additional permissions to this object. 558 * 559 * @param constant $permission The permission (PERMS_DELETE, etc.) to add. 560 * @param boolean $update Whether to automatically update the 561 * backend. 562 */ 563 function addGuestPermission($permission, $update = true) 564 { 565 if ($this->get('type') == 'matrix' && 566 isset($this->data['guest'])) { 567 $this->data['guest'] |= $permission; 568 } else { 569 $this->data['guest'] = $permission; 570 } 571 572 if ($update) { 573 $this->save(); 574 } 575 } 576 577 /** 578 * Grants creators additional permissions to this object. 579 * 580 * @param constant $permission The permission (PERMS_DELETE, etc.) to add. 581 * @param boolean $update Whether to automatically update the 582 * backend. 583 */ 584 function addCreatorPermission($permission, $update = true) 585 { 586 if ($this->get('type') == 'matrix' && 587 isset($this->data['creator'])) { 588 $this->data['creator'] |= $permission; 589 } else { 590 $this->data['creator'] = $permission; 591 } 592 593 if ($update) { 594 $this->save(); 595 } 596 } 597 598 /** 599 * Grants additional default permissions to this object. 600 * 601 * @param constant $permission The permission (PERMS_DELETE, etc.) to add. 602 * @param boolean $update Whether to automatically update the 603 * backend. 604 */ 605 function addDefaultPermission($permission, $update = true) 606 { 607 if ($this->get('type') == 'matrix' && 608 isset($this->data['default'])) { 609 $this->data['default'] |= $permission; 610 } else { 611 $this->data['default'] = $permission; 612 } 613 614 if ($update) { 615 $this->save(); 616 } 617 } 618 619 /** 620 * Grants a group additional permissions to this object. 621 * 622 * @param integer $groupId The id of the group to grant additional 623 * permissions to. 624 * @param constant $permission The permission (PERMS_DELETE, etc.) to add. 625 * @param boolean $update Whether to automatically update the 626 * backend. 627 */ 628 function addGroupPermission($groupId, $permission, $update = true) 629 { 630 if (empty($groupId)) { 631 return; 632 } 633 634 if ($this->get('type') == 'matrix' && 635 isset($this->data['groups'][$groupId])) { 636 $this->data['groups'][$groupId] |= $permission; 637 } else { 638 $this->data['groups'][$groupId] = $permission; 639 } 640 641 if ($update) { 642 $this->save(); 643 } 644 } 645 646 /** 647 * Removes a permission that a user currently has on this object. 648 * 649 * @param string $user The user to remove the permission from. 650 * @param constant $permission The permission (PERMS_DELETE, etc.) to 651 * remove. 652 * @param boolean $update Whether to automatically update the 653 * backend. 654 */ 655 function removeUserPermission($user, $permission, $update = true) 656 { 657 if (empty($user) || !isset($this->data['users'][$user])) { 658 return; 659 } 660 661 if ($this->get('type') == 'matrix') { 662 $this->data['users'][$user] &= ~$permission; 663 if (empty($this->data['users'][$user])) { 664 unset($this->data['users'][$user]); 665 } 666 } else { 667 unset($this->data['users'][$user]); 668 } 669 670 if ($update) { 671 $this->save(); 672 } 673 } 674 675 /** 676 * Removes a permission that guests currently have on this object. 677 * 678 * @param constant $permission The permission (PERMS_DELETE, etc.) to 679 * remove. 680 * @param boolean $update Whether to automatically update the 681 * backend. 682 */ 683 function removeGuestPermission($permission, $update = true) 684 { 685 if (!isset($this->data['guest'])) { 686 return; 687 } 688 689 if ($this->get('type') == 'matrix') { 690 $this->data['guest'] &= ~$permission; 691 if ($update) { 692 $this->save(); 693 } 694 } else { 695 unset($this->data['guest']); 696 if ($update) { 697 $this->save(); 698 } 699 } 700 } 701 702 /** 703 * Removes a permission that creators currently have on this object. 704 * 705 * @param constant $permission The permission (PERMS_DELETE, etc.) to 706 * remove. 707 * @param boolean $update Whether to automatically update the 708 * backend. 709 */ 710 function removeCreatorPermission($permission, $update = true) 711 { 712 if (!isset($this->data['creator'])) { 713 return; 714 } 715 716 if ($this->get('type') == 'matrix') { 717 $this->data['creator'] &= ~$permission; 718 if ($update) { 719 $this->save(); 720 } 721 } else { 722 unset($this->data['creator']); 723 if ($update) { 724 $this->save(); 725 } 726 } 727 } 728 729 /** 730 * Removes a default permission on this object. 731 * 732 * @param constant $permission The permission (PERMS_DELETE, etc.) to 733 * remove. 734 * @param boolean $update Whether to automatically update the 735 * backend. 736 */ 737 function removeDefaultPermission($permission, $update = true) 738 { 739 if (!isset($this->data['default'])) { 740 return; 741 } 742 743 if ($this->get('type') == 'matrix') { 744 $this->data['default'] &= ~$permission; 745 if ($update) { 746 $this->save(); 747 } 748 } else { 749 unset($this->data['default']); 750 if ($update) { 751 $this->save(); 752 } 753 } 754 } 755 756 /** 757 * Removes a permission that a group currently has on this object. 758 * 759 * @param integer $groupId The id of the group to remove the 760 * permission from. 761 * @param constant $permission The permission (PERMS_DELETE, etc.) to 762 * remove. 763 * @param boolean $update Whether to automatically update the 764 * backend. 765 */ 766 function removeGroupPermission($groupId, $permission, $update = true) 767 { 768 if (empty($groupId) || !isset($this->data['groups'][$groupId])) { 769 return; 770 } 771 772 if ($this->get('type') == 'matrix') { 773 $this->data['groups'][$groupId] &= ~$permission; 774 if (empty($this->data['groups'][$groupId])) { 775 unset($this->data['groups'][$groupId]); 776 } 777 if ($update) { 778 $this->save(); 779 } 780 } else { 781 unset($this->data['groups'][$groupId]); 782 if ($update) { 783 $this->save(); 784 } 785 } 786 } 787 788 /** 789 * Returns an array of all user permissions on this object. 790 * 791 * @param integer $perm List only users with this permission level. 792 * Defaults to all users. 793 * 794 * @return array All user permissions for this object, indexed by user. 795 */ 796 function getUserPermissions($perm = null) 797 { 798 if (!isset($this->data['users']) || !is_array($this->data['users'])) { 799 return array(); 800 } elseif (!$perm) { 801 return $this->data['users']; 802 } else { 803 $users = array(); 804 foreach ($this->data['users'] as $user => $uperm) { 805 if ($uperm & $perm) { 806 $users[$user] = $uperm; 807 } 808 } 809 return $users; 810 } 811 } 812 813 /** 814 * Returns the guest permissions on this object. 815 * 816 * @return integer The guest permissions on this object. 817 */ 818 function getGuestPermissions() 819 { 820 return !empty($this->data['guest']) ? 821 $this->data['guest'] : 822 null; 823 } 824 825 /** 826 * Returns the creator permissions on this object. 827 * 828 * @return integer The creator permissions on this object. 829 */ 830 function getCreatorPermissions() 831 { 832 return !empty($this->data['creator']) ? 833 $this->data['creator'] : 834 null; 835 } 836 837 /** 838 * Returns the default permissions on this object. 839 * 840 * @return integer The default permissions on this object. 841 */ 842 function getDefaultPermissions() 843 { 844 return !empty($this->data['default']) ? 845 $this->data['default'] : 846 null; 847 } 848 849 /** 850 * Returns an array of all group permissions on this object. 851 * 852 * @param integer $perm List only users with this permission level. 853 * Defaults to all users. 854 * 855 * @return array All group permissions for this object, indexed by group. 856 */ 857 function getGroupPermissions($perm = null) 858 { 859 if (!isset($this->data['groups']) || 860 !is_array($this->data['groups'])) { 861 return array(); 862 } elseif (!$perm) { 863 return $this->data['groups']; 864 } else { 865 $groups = array(); 866 foreach ($this->data['groups'] as $group => $gperm) { 867 if ($gperm & $perm) { 868 $groups[$group] = $gperm; 869 } 870 } 871 return $groups; 872 } 873 } 874 875 }
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Sun Feb 25 18:01:28 2007 | par Balluche grâce à PHPXref 0.7 |